Total
2124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28988 | 1 Solarwinds | 1 Web Help Desk | 2025-11-14 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2025-11367 | 1 N-able | 1 N-central | 2025-11-14 | N/A | 9.8 CRITICAL |
| The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization | |||||
| CVE-2025-12844 | 2025-11-14 | N/A | 7.1 HIGH | ||
| The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'rest_simpleTranscribeAudio' and 'rest_simpleVisionQuery' functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | |||||
| CVE-2025-64353 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3. | |||||
| CVE-2025-62035 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | |||||
| CVE-2025-62025 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8. | |||||
| CVE-2025-62008 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | |||||
| CVE-2025-60238 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | |||||
| CVE-2025-60234 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | |||||
| CVE-2025-60232 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5. | |||||
| CVE-2025-60228 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9. | |||||
| CVE-2025-60226 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2. | |||||
| CVE-2025-60225 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0. | |||||
| CVE-2025-60224 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | |||||
| CVE-2025-60221 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3. | |||||
| CVE-2025-60216 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2. | |||||
| CVE-2025-60215 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4. | |||||
| CVE-2025-60214 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through <= 1.2.1. | |||||
| CVE-2025-60213 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13. | |||||
| CVE-2025-60212 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2. | |||||